
Trying to identify a bug. Can't download Farbar/others from BC

The PC with the problem is running Windows Vista Business, Service Pk 2, 32 bit. I have AVG free for antivirus. About a week ago, I started getting an AVG warning about a 'suspicious file', that was possibly a rootkit. It was recommended that I quarantine the file, which I did, and then AVG recommended a 'boot scan', which I did, but it didn't find anything. Since the original warning, the PC has progressively gotten worse. Simple files are slow to open. Opening Firefox can take a minute or two, and sometimes a reboot is required to get online. Once online, some websites either won't or are very slow to open. I've tried to download some troubleshooting software on this PC, and the backward grey circle just keeps spinning and if it ever turns blue and spins forward, it still at times won't load the page or software. I tried to download AdwCleaner, Farbar Recovery and other software from BleepingComp., to no avail. I have also found a file in the registry, swcustcfg, that I can't edit or delete. I worked on this file because I had seen in one of the many scans I've done, something about 'SVC: swcustcfg ->->?', being an issue, sorry I can't remember where I saw that. I'm working from a different PC now and hoping you can help me figure this out. Much thanks in advance, Roy

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2017 11:44:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 04:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 03:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 02:29:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 02:29:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/15/2017 02:29:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/15/2017 02:29:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/15/2017 02:29:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/15/2017 02:29:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2017-08-16 13:01:07.521
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:01:07.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:01:07.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:01:06.819
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:00:50.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:00:50.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:00:50.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-16 13:00:50.080
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-15 15:36:46.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-15 15:36:46.157
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Thanks for your help and I'll do my best to follow your instructions. After running FRST to create the fixlog file, I was notified that I needed to restart the computer, which you didn't mention, I assume I should.

I went ahead and did the reboot. Tried going to my homepage - very, very slow. Some of the images never loaded and the little blue circle never quit spinning. From there, I browsed over to BC and tried downloading Adwcleaner, Combofix, and Farbar Recovery. Each one did bring up their respective download page, but I didn't complete the download process. I then hit the home button and again it took way too long to start loading the page and again many of the images didn't load. I then tried to run AVG antivirus, and it failed to start. Next I went to Windows Defender to check its status. It was turned off by a "group policy", which I know nothing about. The PC seems to be altering its actions; yesterday I couldn't get to the aforementioned download pages, but I could today. For now, I'll wait for your next suggestion.

I tried the 'Anti-Rootkit BETA' link 3 times, but nothing happened except the little blue circle kept spinning. On the 4th attempt, I right clicked the link and opened in a new tab. I did get to the download page and clicked the DOWNLOAD button, but only got partial downloads, several times. I eventually had to use another PC to download the file. I then transferred it, by flash drive, to the troubled PC desktop. Then I followed your instructions and the scan came back clean. Here is the log file.

I uninstalled AVG according to the directions from the AVG site. Afterwards, I first looked at the registry to see if 'swcustcfg' was still there; it was. But as before, I was unable to open or edit the file??? Don't know if that file pertains to AVG. Next, I browsed back to my homepage and to BC without a problem. From BC, I went to the links that I couldn't get to earlier, and I also downloaded some of the same support programs that I couldn't earlier. I then reinstalled AVG Free. I browsed back to my homepage and some of the images hadn't loaded, and the blue circle was spinning. I then clicked the shortcut to BC and nothing happened, the blue circle still spinning!!! Just now as I was typing this, a window opened in the taskbar. I clicked it to open and it was this, AVG.jpg. I hope that worked. I'm not sure how to attach files to this forum. In case you can't read the blurred print, it says:

Since reinstalling AVG, and getting the Rootkit warning, I've tried some more browsing. It's terrible. And I just got the AVG Rootkit warning window again. As I was saying, browsing is a mess. Most, if not all, pages fail to completely load and the blue circle keeps spinning, this can go on for several minutes until I stop loading the page. Only once have I seen the browser actually time out. So for now, I have AVG Free installed, browsing is horrific, and I'm getting the AVG Rootkit warning which refers to swcustcfg as a hidden Rootkit. I have noticed there being 2 swcustcfg files in the registry at times. One of them I can edit, the other I can't. At other times, there's only 1 swcustcfg file, and it can't be edited. That's all for now.

Well, I went 2 steps forward and 4 back. I am now unable to get on the internet with the troubled PC. This is a totally different situation from what you've been working on. I need to explain my internet setup. I live in a remote area where broadband is not available. The best service I can get is AT&T cellular using a USB modem (AC340U). This device uses a program called 'AT&T All Access' to interface with the PC. I found out (online) that the file 'swcustcfg' is part of that interface. So, after I had used the AVG Clear and Remove tools to uninstall AVG, I also uninstalled the All Access program, thinking that would remove the 'swcustcfg' file, which has been giving the Rootkit warning. It didn't change that file, which is locked and untouchable, so I reinstalled the All Access program. But now, I can't access the internet with the troubled PC and I've been working on that issue since my last post, which I sent from a different PC using the same USB modem. I have to switch the modem from one PC to the other, for internet service, when it works. Until I'm able to rectify the new problem, there's no way to continue with the original one. What do you suggest? If I can get it back online, I could start a new thread.

Application errors:
==================
Error: (08/20/2017 12:40:44 PM) (Source: profsvc) (User: VISTA)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (08/20/2017 12:40:41 PM) (Source: profsvc) (User: VISTA)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (08/20/2017 12:26:52 PM) (Source: profsvc) (User: VISTA)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - The system cannot find the file specified.

Error: (08/20/2017 12:26:39 PM) (Source: profsvc) (User: VISTA)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

CodeIntegrity Errors:
===================================
Date: 2017-08-18 09:52:16.691
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:16.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:16.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:16.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:15.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:15.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:15.365
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:15.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:14.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-08-18 09:52:14.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.